Due to the development of the network such as the recent widespread use of the Internet, an environment is being created in which services on distributed computers can be accessed. In utilizing service, a user typically selects servers satisfying the user's purpose, and individually accesses them. However, in the environment where a number of kinds of services and a number of servers are preset, it is difficult for a user to select an appropriate server. It will also take time and trouble to access selected servers successively, if the number of servers is great. Furthermore, access methods are generally varied depending upon the server, so that the user is required to learn various server access procedures, which increases the burden on the user.
As a method for solving the above-mentioned problem, there is a method for placing a facilitating apparatus between a user (client) and a server. The facilitating apparatus is also called a facilitator. In the following description, the facilitating apparatus will be referred to as a facilitator. The facilitator receives access (query) from a client, selects and introduces servers that can satisfy the user's request, accesses the servers in place of the client, and organizes the obtained results to send them to the client. In this way, the facilitator has a plurality of kinds of functions, and the representative one is brokering. Brokering is a function of transferring a request from a user to selected servers, receiving answers from the servers, and organizing the answers to send them to the user.
In the case of using the above-mentioned facilitator, the client only needs to know the address of the facilitator, and is not required to know whereabouts of a plurality of servers. Furthermore, the facilitator accesses each server in place of the client, so that the variations in access methods are absorbed by the facilitator, and the client is not required to pay attention to them.
In the prior art, the facilitator is configured as a single unit. However, the use of such a facilitator of a centralized configuration type has the following problems.
The first problem is that a load is likely to be concentrated. Access from all the users or servers is concentrated on one facilitator, so that the processing of the facilitator is likely to cause a decrease in the performance of the entire system.
The second problem is that the flexibility of the system is decreased. All the processing is conducted by one facilitator; therefore, in the case where the information on a part of users or servers is altered, the setting of the facilitator is more frequently changed. If the setting of the facilitator cannot be dynamically changed, it is required to terminate the facilitator. However, if the facilitator is terminated, it will be impossible to use the entire system. Thus, it is expected that, with the centralized configuration, it will become impossible to use the entire system more frequently due to the changes in the setting.
The third problem is concerned with the management problem of the system caused by sharing. For example, in the case where information is shared among a plurality of companies, if a facilitator has a centralized configuration, one facilitator is shared by a plurality of companies. In this case, the following problems will arise: who will manage the facilitator and how the management cost will be allocated in the case of joint management.
The fourth problem is concerned with security. The facilitator is required to hold information about what kind of data is present at which server. Such data needs high security and is required to be strictly managed. In the case where the facilitator has a centralized configuration, data is collected at one place. Therefore, when a plurality of entities are facilitated, information on one management entity of the facilitator may be leaked to another management entity.
In order to solve the above-mentioned problems, it is known that the facilitator is configured so as to have a distributed configuration using a cell apparatus conducting distributed processes (hereinafter, referred to as “cell”).
The facilitator having a distributed configuration will be described with reference to the drawings.
FIG. 32 illustrates a concept of the facilitator having a conventional distributed configuration. As shown in FIG. 32, a facilitator 500 is configured so as to have a distributed configuration using a plurality of cells, each autonomously conducting processing. The facilitator 500 includes three kinds of cells: a query cell 520, a transfer cell 530, and an answer cell 540. Each element in the figure is assigned an alphabetic number.
The query cell 520 has a function of authenticating a user, and receiving a request (query) from the user. The transfer cell 530 has a function of responding to an access request from one cell and transferring data to another appropriate cell. The answer cell 540 has an interface function with a server 550. These three kinds of cells are used respectively in a plurality of number, if required, distributed on the network, and operated in parallel. For example, when a request from a user 560 is sent to the server 550, each cell distributed on the network receives an access request from the user 560, compares it with its own condition equation, and transfers the request to a subsequent cell satisfying the condition. This operation is conducted by individual cells successively until the request from the user 560 reaches the server 550, whereby, as the entire facilitator, the server 550 satisfying the request of the user 560 is autonomously selected and the request of the user 560 is transmitted to the server 550.
According to the facilitator having a distributed configuration using a plurality of cells, the user 560 only needs to know the facilitator 500, and is not required to know the specific address of the server 550 and the information such as the kind of data owned by the server 550. Furthermore, a processing cost at a time of operation of the facilitator 500 is distributed to each cell, so that processing is not centralized and a bottleneck is unlikely to be caused. Furthermore, since the individual cells are processed autonomously, they can be managed by separate entities; if a facilitator is assigned to each company, the problems regarding security and allocation of a management cost can be solved. Furthermore, a plurality of access paths can be set, whereby robustness is enhanced. Furthermore, data globally dealt in the entire facilitator 500 does not exist, so that each cell can be corrected and altered independently, and maintained easily. Furthermore, a facilitator can be easily extended and altered by adding a new cell and changing a network configuration among cells.
However, the above-mentioned facilitator having a conventional distributed configuration can solve some problems of the facilitator having a conventional centralized configuration.
However, the facilitator having a conventional distributed configuration has the following problem regarding the security of a system.
The above-mentioned facilitator having a conventional distributed configuration has a flat configuration in which each cell has an independent and equal relationship. Therefore, any cells can directly communicate with each other since there is no particular limit to the communication therebetween. Thus, in an environment in which each cell has a flat relationship, a great amount of effort is required for maintaining the security of a system. If each cell for communication is reliable, the communication among the respective cells can be simplified in terms of management of a system. However, generally, in the case where the communication among a plurality of companies is required on a large-scale network, or in the case of an open network, it is not safe to trust all the cells. In such an environment, according to the facilitator having a conventional distributed configuration using flat cells, there is a possibility that all the cells directly communicate with each other, so that it is required to strictly check all the communication.
The above-mentioned problem is similar to that in the case where communication can be conducted directly by computers on the Internet. All the computers on the Internet can directly communicate with each other only by specifying a host; therefore, it is required to maintain the security of all the computers at a high level so that the problem of data leakage will not arise irrespective of how a computer is accessed by which computer. For this purpose, a system such as a firewall is often provided. The firewall limits or checks communication therethrough, thereby enhancing communication security. By strictly managing the firewall, unauthorized access to a computer in a company on the Internet can be prevented.
The above-mentioned facilitator having a conventional distributed configuration using flat cells correspond to the state having no firewall. In order to enhance the security of the facilitator, it is required to introduce a system corresponding to the firewall.